Comments (0)

By Matthieu, 2018-04-08 10:28

Oracle have decided to disable access to Java apps that use MD5withRSA signatures. For instance, when launching the .jnlp file to connect to my Lantronix Spider remote KVM, I am presented with this error:

To fix this, we have to change Java’s security settings. Unfortunately, settings for signature algorithms are not in the Java Control Panel, so we have to edit the config files directly.

On macOS, the default JRE installation’s root directory ($JAVA_HOME) is

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home

on Windows, it would be

C:\Program Files\Java\jre1.8.0_131

where “1.8.0_131” is your specific Java version, and on Linux, JRE is installed in

/usr/lib/jvm/java-1.7.0-openjdk-amd64

once again where “1.7.0-openjdk-amd64” is your specific Java version.

In the JRE directory, we then need to edit the file

$JAVA_HOME/lib/security/java.security

and comment out the line that starts with “jdk.jar.disabledAlgorithms” by prefixing a #. Note that this will allow jar files signed with any algorithms to run, which can be considered insecure.

Sources:

• https://learningintheopen.org/2017/11/03/java-jnlp-error-weak-signature-algorithm-md5withrsa/
• https://stackoverflow.com/questions/15826202/where-is-java-installed-on-mac-os-x

Comments (0)

By Matthieu, 2017-09-14 14:31

After installing Wine in Ubuntu Gnome 17.04, I noticed that double-clicking on .exe files in Nautilus still opened them in Archive Manager. I tried the usual right-click > Properties > Open With, but Wine was not listed as an available option.

It turns out that in the Wine package for Ubuntu 17.04, the wine.desktop file is not created in /usr/share/applications, and so does not show up in the Gnome GUI. To make things work, we need to copy the wine.desktop file from /usr/share/doc/wine-stable/examples/ to /usr/share/applications/

sudo cp /usr/share/doc/wine-stable/examples/wine.desktop /usr/share/applications/

Then edit the .desktop file to unhide it from the menus –

sudo nano /usr/share/applications/wine.desktop

Change NoDisplay=true to NoDisplay=false

Now, “Wine Windows Program Loader” is available as a choice in the Properties > Open With list.

Comments (0)

By Matthieu, 2017-04-10 20:07

Windows Default Soundfont

Arachna Soundfont

Comments (0)

By Matthieu, 2015-12-09 10:40

When setting up Postfix on Ubuntu/Debian as “Internet Site with smarthost” to use an external smtp relay, automatic e-mails intended for “root” (such as cron job error reports) get sent out to the smarthost with a To: address of [email protected] This can cause a problem as the smarthost doesn’t know where to deliver these messages to, since myhost.mydomain.com has no MX record.

The fix for this is (go figure) in the Postfix README:

Delivering some but not all accounts locally

A drawback of sending mail as “[email protected]” (instead of “[email protected]”) is that mail for “root” and other system accounts is also sent to the central mailhost. In order to deliver such accounts locally, you can set up virtual aliases as follows:

1 /etc/postfix/main.cf:
2     virtual_alias_maps = hash:/etc/postfix/virtual
3 
4 /etc/postfix/virtual:
5     root     [email protected]
6     . . .

Translation:

• Line 5: As described in the virtual(5) manual page, the bare name “root” matches “[email protected]” when “site” is equal to $myorigin, when “site” is listed in $mydestination, or when it matches $inet_interfaces or $proxy_interfaces.

Execute the command “postmap /etc/postfix/virtual” after editing the file.

Oddly, just adding the line

root: [email protected]

to /etc/aliases doesn’t work. You really need to do the steps outlined in the manual.

Comments (0)

By Matthieu, 2015-04-07 21:18

It’s really cool what we can do with computers these days. I generally take technology for granted, but sometimes I am just in awe of what is possible.

With the ubiquity of the Internet
It’s all too easy to forget
How amazing it is, that with relative ease –
Just a few strokes of the keys
A sysadmin can ssh to a box running Unix
On the other side of the world, or just across town.
And with just a few clicks
Bounce that Windows box that’s gone down.

Image credit: https://www.flickr.com/photos/stars6/4381851322/

Comments (0)

By Matthieu, 2015-03-29 23:40

I feel ready for the OPS235 exam. There are a few areas I need to brush up on, but overall I feel I have a grasp  of most of the course content.

Strengths

• CentOS installation
• KVM administration via GUI
• Package/software installation and updates
• tar and file archiving/management
• fstab and partition management

Weaknesses

• Knowledge of specific commands and arguments/switches (rely on man pages)
  • iptables syntax
  • lvm commands
• CentOS/RedHat-specific commands and conventions (used to Debian/Ubuntu)
• SELinux
• Memorization of .conf file structures

Exam review topics

• KVM network configuration
• User and group management

Comments (0)

By Matthieu, 2015-03-29 23:30

Software installed

Apache

Apache is an open-source web server software maintained by the Apache Software Foundation and the open-source community. It can be extended using modules, and is well-documented and well-supported. It is usually the de-facto standard Web server on Linux, although lately new and customized Web servers such as nginx have been becoming more popular for dynamic, high-traffic sites.

PHP

PHP is a server-side scripting language mainly used for web development. By writing PHP rather than plain HTML, developers are able to create pages that are dynamically generated by the server on the fly depending on parameters provided. The Zend PHP interpreter is open-source software, and is available as a module for multiple Web servers on Linux, Windows, BSD and other OSes.

MySQL

MySQL is an open source relational database management system (RDBMS). It is open-source software, released under the GPL and sponsored by Oracle Corporation. The software is available at no cost, although there are also some paid versions. It has widespread use in Web applications, such as WordPress and MediaWiki, and is also used by large sites such as Facebook and YouTube.

LAMP stack

Together, CentOS (Linux), Apache, MySQL and PHP form an implementation of a LAMP stack. This stack provides a consistent, portable environment for Web developers.

WordPress

WordPress is an open-source blogging platform and CMS. It is written in PHP, and uses a MySQL database for text content storage and metadata. It provides an easy-to-use user interface, and is highly extensible and customizable with a large number of user-creatable themes and plugins. WordPress powers some prominent sites such as Forbes.com, vogue.com and nationalpost.com.

Problems encountered during installation

• The systemctl command was not available, since this install of CentOS is using upstart rather than systemd.
• There was no default index page created during the install of httpd. As a result, accessing HTTP on the Centos3 VM server gave an HTTP error 403 (Access denied) – the default Apache configuration denies directory listings.
• The c6host machine was not able to access the HTTP service on centos3 because its iptables was not configured to allow inbound traffic on port 80.
• When configuring iptables on centos3, running iptables -A INPUT -p tcp –dport 80 -j ACCEPT was notsufficient.
  • The -A option appends the rule to the end of the INPUT chain, however, there was a pre-existing explicit rule rejecting all packets.

     REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

  • To move the new rule above the reject rule, the incorrect rule had to be removed by running iptables -D INPUT -p tcp –dport 80 -j ACCEPT
  • Then, find the line numbers by running iptables -L –line-numbers

     Chain INPUT (policy ACCEPT)
     num  target     prot opt source               destination
     1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
     2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
     3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
     4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
     5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

  • Use iptables -I INPUT 5 -p tcp –dport 80 -j ACCEPT to insert the new rule above the existing rule 5.
  • Running iptables -L –line-numbers again gives the following output:

    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

• The contents of the WordPress .tar.gz file were extracted to /root/wordpress. Moving this directory to /var/www/html resulted in the Apache process not being able to read the wordpress subdirectory. Copying (cp -R) avoids this issue.
• When configuring the WordPress connection to MySQL, the WordPress documentation said to run the query

  mysql> GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername"@"hostname"
      -> IDENTIFIED BY "password";

  to allow access to the database. However, since the MySQL server and Apache/WordPress are installed on the same host, we need to use “localhost” rather than “centos3” for the hostname.

Comments (0)

By Matthieu, 2014-10-15 08:53

Not sure of the implications of this/best practices, but I just added

$_SERVER['HTTPS'] = 'on';

to my index.php.

Reason for this is that I am running a php app behind a reverse proxy, with the connection between the app server and the reverse proxy being plain HTTP, but the connection between the client and the reverse proxy is HTTPS.

Comments (0)

By Matthieu, 2014-08-02 21:37

I don’t really play DVDs on my PCs much anymore, but my brother have me the full boxed set of Freaks and Geeks (great show, cancelled too soon). Running on a fresh install of Ubuntu 14.04, I popped in the DVD and was prompted by “Video Player” aka Totem to install some additional codecs. I obliged, but after the installation, the DVD still wouldn’t play. It turns out that because of legal issues, the libdvdcss2 library is no longer included in the Ubuntu repositories. However, the libdvdread4 package does provide a script to easily install it.

Once you have libdvdread4 installed, run following script:

# sudo /usr/share/doc/libdvdread4/install-css.sh

Restart your video player and enjoy your DVD.

Comments (0)

By Matthieu, 2014-03-22 15:03

Windows XP is going out of support next month.. This means Microsoft will no longer provide security updates or any patches for the OS, leaving users of the 12-year old version of Windows more vulnerable to emerging threats.

On this occasion, let’s take a moment to put dear old WinXP’s age in perspective. But first, some mood music:

When Windows XP was released…

Bill Gates was still CEO of Microsoft.

Gates with his new baby. Also Alias.

Friends, Buffy the Vampire Slayer, The X-Files, Frasier and Sex and the City were still airing new episodes.

Vampires were still scary.

The one where Monica and Chandler are married and Rachel is freaking out.

We had yet to see shows like The Office, Arrested Development, House and How I Met Your Mother.

There was no Gregory House in 2001.

The current-gen iMac had a CRT display.

This was the competition.

There was only The Matrix.

This was true in 2001.

The “War on Terror” had only just begun.

The President of the USA.

The BlackBerry 950 was the current model.

Portable productivity for the business professional.